On 23/11/2019 09.21, Arno Wagner wrote:
> If you do that, you kill the security model of LUKS.

Did you read my original post? I explained that the LUKS header is never stored on disk. What use are antiforensic stripes when the LUKS header only exists in memory?

> The anti-forensic stripes are not some gadget, they
> are central.

Yes, when the header is stored on disk.

> Also, the key-slots are the stripes. There
> are no 4kB you can take out and reconstruct the key
> from them.
> That said, I think if you have an issue with 10MB extra
> today and are willing to sacrifice security to get rid
> of them, then you are doing it massively wrong. Maybe
> just do without encryption and security, it clearly is
> not your first priority....

Actually, I believe my scheme is more secure than the default. My LUKS header is detached and is stored encrypted on SD card, separate from the disk. In plaintext form, it only exists in memory.

It is not that 10MB are unbearable. I just see no use in antiforensic stripes when stored in memory.